—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco TelePresence Video Communication Server Test Validation Script Issue

Advisory ID: cisco-sa-20181107-vcsd

Revision: 1.1

For Public Release: 2018 November 7 09:00 GMT

Last Updated: 2018 November 8 22:05 GMT

CVE ID(s): NA

+———————————————————————

Summary

=======

A failure in the final QA validation step of the automated software build system for the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software inadvertently allowed a set of sample, dormant exploit code used internally by Cisco in validation scripts to be included in shipping software images. This includes an exploit for the Dirty CoW vulnerability (CVE-2016-5195). The purpose of this QA validation step is to make sure the Cisco product contains the required fixes for this vulnerability.

The presence of the sample, dormant exploit code does not represent nor allow an exploitable vulnerability on the product, nor does it present a risk to the product itself as all of the required patches for this vulnerability have been integrated into all shipping software images.

The affected software images have proactively been removed from the Cisco Software Center and will soon be replaced with fixed software images. Bug ID CSCvn17278 has been opened to track this issue.

Customers that still require access to the affected software images and have a valid cisco.com account will need to open a case with the Cisco TAC and submit a request for Special File access [“https://www.cisco.com/cgi-bin/Software/SFA/sfa.cgi”] in order to download the software images.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsd [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsd”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJb5LOqXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczhmEP/0U7mRsIfRK1O3E+LjoYBNaSBIwX
XOltnVr/QlQeKY0N/CQyOy8aB6H3qQ/PWGMjZ/9VVs7rGoevc3C50VSn4SeTT31l
Rr7fabTD0dpg600urnT7CckwvYjhAZxJtYQD7PKcUXUEboah9A/jW7TIpFqbzMj5
w2YCchlNlvXXlo8bEXp+5g9icWLPjHWelueg5v5WwGLUue0wWIsncshUodIfrFYv
q1KgW8+hkm6QpOGi9SZ8iotNB0LuzB+aNDG0oIl9be/KgG2dfhP6VT0J48JoABc1
5FlFo10iFtC6MyjD2BSFmGVXKAKIcFlhZDiI8eM/lhVTnegclwIhpsVY9Zi6v6Db
GowHlzsV7Wz9hdGIqFoJ5k7Jh7Aez0CNPjEe7ukXw+dFW4ZS4fjaDFi7Zg5bp52L
UIRiNPBcGOqhBkA07GB4YiMnNw2USpYab9COD7NQVMWwGjRSvfaY/eILOZJD7W2G
m2NrsNb1QQx5pGnMMagbh7Gk6Jei5VowrGayO18Ek3ff1MUxKaYZxlDU9uEtsEDz
3M2Mfk1x/Fm88AxJwaGb4G0wWNfF//I02Qg2wy/QGUAql/wjg4yGYr0qwKKkgia1
Eylse1OcmBLTgrI+I/SLdesOvgwOvsU/Lj4vxq+fDiHY9SA6MjGYzWSPOCa3FiGA
LTRPnUA//4Eqdn9Z
=HvDq
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com